Analysis Overview
SHA256
66840b6eb3f4f15d1c20657cbdc09e13baac8d0c75efc76f49ccc5b198d3c238
Threat Level: Known bad
The file Usda_annual_lease_agreement_certification_statement (kg).js was found to be: Known bad.
Malicious Activity Summary
GootLoader
Blocklisted process makes network request
Script User-Agent
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-09-19 15:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-09-19 15:10
Reported
2022-09-19 15:13
Platform
win7-20220901-en
Max time kernel
137s
Max time network
142s
Command Line
Signatures
GootLoader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wscript.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Usda_annual_lease_agreement_certification_statement (kg).js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ls1969.fr | udp |
| FR | 87.98.150.35:443 | www.ls1969.fr | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-09-19 15:10
Reported
2022-09-19 15:13
Platform
win10v2004-20220812-en
Max time kernel
100s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Usda_annual_lease_agreement_certification_statement (kg).js"
Network
| Country | Destination | Domain | Proto |
| IE | 13.69.239.74:443 | tcp | |
| US | 93.184.220.29:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.252.118.126:80 | tcp | |
| US | 8.252.118.126:80 | tcp | |
| US | 8.252.118.126:80 | tcp | |
| NL | 104.80.225.205:443 | tcp |